Accepted exim4 4.90.1-4~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 31 Mar 2018 13:20:34 +0200
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dev
Architecture: source amd64 all
Version: 4.90.1-4~bpo9+1
Distribution: stretch-backports
Urgency: critical
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description:
exim4 - metapackage to ease Exim MTA (v4) installation
exim4-base - support files for all Exim MTA (v4) packages
exim4-config - configuration for the Exim MTA (v4)
exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
exim4-daemon-light - lightweight Exim MTA (v4) daemon
exim4-dev - header files for the Exim MTA (v4) packages
eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 783813 865287 871688 874772 882648 882671 887489 887971 887972 890000
Changes:
exim4 (4.90.1-4~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
exim4 (4.90.1-4) unstable; urgency=medium
.
* Update from exim-4_90+fixes branch:
75_11-DMARC-add-variables-to-list-of-those-now-unused-at-t.patch
75_12-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch
75_13-Unbreak-DMARC.patch
75_14-Fix-pipe-transport-to-not-use-a-socket-only-syscall..patch
.
exim4 (4.90.1-3) unstable; urgency=medium
.
* Update from exim-4_90+fixes branch:
75_07-Fix-ldap-lookups-for-zero-length-attribute-value.-Bu.patch
75_08-Mark-variables-unused-before-release-of-store-in-the.patch
75_09-Mark-variables-unused-before-release-of-store-in-the.patch
75_10-Mark-variables-that-are-unused-before-release-of-sto.patch
.
exim4 (4.90.1-2) unstable; urgency=medium
.
* Update from exim-4_90+fixes branch:
75_01-ACL-Enforce-non-usability-of-control-utf8_downconver.patch
75_02-Fix-memory-leak-during-multi-message-reception-using.patch
75_03-OpenSSL-Fix-memory-leak-during-multi-message-connect.patch
75_04-Fix-exim_dbmbuild-to-permit-directoryless-filenames..patch
75_05-OpenSSL-revert-needless-free-of-certificate-list.-Th.patch
75_06-I18N-Fix-utf8_downconvert-propagation-through-a-redi.patch
.
exim4 (4.90.1-1) unstable; urgency=high
.
* New upstream version, fixing CVE-2018-6789. Closes: #890000
+ Drop 75_*.patch.
.
exim4 (4.90-7) unstable; urgency=medium
.
* Update from exim-4_90+fixes branch. (exim-4.90.0.27)
+ 75_21-DKIM-fix-buffer-overflow-in-verify.patch
+ 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch
+ 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch
* Typo fixes in old patch descriptions. (Thanks, lintian!)
.
exim4 (4.90-6) unstable; urgency=medium
.
* Update from exim-4_90+fixes branch.
+ 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch
+ 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch
Closes: #887489
+ 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch
+ 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch
.
exim4 (4.90-5) unstable; urgency=low
.
* Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from
exim-4_90+fixes branch.
* Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971
* [update-exim4.conf] stop converting variables set to an empty value in
/etc/exim4/update-exim4.conf.conf to exim macros with a literal value of
"empty" in the generated configuration. Thanks, Gedalya. Closes: #887972
.
exim4 (4.90-4) unstable; urgency=low
.
* Update from exim-4_90+fixes branch.
75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch
75_14-Fix-D-string-expansion-to-not-use-millisec.patch
75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch
.
exim4 (4.90-3) unstable; urgency=medium
.
* Three more patches from exim-4_90+fixes branch:
75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch
75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch
75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch
.
exim4 (4.90-2) unstable; urgency=medium
.
* Update to exim-4_90+fixes branch:
+ Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch.
+ 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch
+ 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch
+ 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch
+ 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch
+ 75_05-Fix-build-of-nisplus-lookup.patch
+ 75_06-Fix-const-issue-in-nisplus-lookup.patch
+ 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch
+ 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch
.
exim4 (4.90-1) unstable; urgency=low
.
* rc4 released as 4.90.
* Point watchfile to release directory again.
* 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream
GIT master branch. Fix pgsql lookup for multiple result-tuples with a
single column. Previously only the last row was returned.
https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html
* Simplify debian/rules and make it usable with dh v10 compat. The
fine-grained support for selecting the to be built packages (-custom with
or without -base) was dropped. The build process is now controlled by
attaching tasks to dh-override hooks instead of using file dependencies,
makefile-style. The latter broke with dh v10 due to upstream's
build-system which always has the main targets out-of-date inter alia due
to the compile-number feature.
* Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change
buildflags ATM.)
* Use debhelper v10 compat.
* Drop override_dh_strip-arch, we have had enough toolchain and
source changes to prevent file conflicts.
.
exim4 (4.90~RC4-1) unstable; urgency=medium
.
* New upstream version.
.
exim4 (4.90~RC3-2) unstable; urgency=low
.
* Upload to unstable.
* Point homepage to https URL.
.
exim4 (4.90~RC3-1) experimental; urgency=medium
.
* New upstream version.
+ Fix a use-after-free while reading smtp input for header lines.
A crafted sequence of BDAT commands could result in in-use memory
being freed. CVE-2017-16943. Closes: #882648
+ Fix checking for leading-dot on a line during headers reading
from SMTP input. Previously it was always done; now only done for
DATA and not BDAT commands. CVE-2017-16944 Closes: #882671
* Drop 78_Disable-chunking-BDAT-by-default.patch again.
.
exim4 (4.90~RC2-3) experimental; urgency=medium
.
* As a workaround for the yet-unfixed security vulnerability resurrect (and
adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in
4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
.
exim4 (4.90~RC2-2) experimental; urgency=low
.
* B-d on lynx, instead of lynx-cur | lynx.
.
exim4 (4.90~RC2-1) experimental; urgency=low
.
* New upstream release candidate.
+ Unfuzz patches, drop 40_reproducible_build.diff and
75_fix_ftbfs_SOURCE_DATE_EPOCH.diff.
+ Refresh debian/example.conf.md5, No changes to Debian's configuration
needed, upstream added a (commented) entry to change OpenSSL ciphers.
.
exim4 (4.90~RC1-1) experimental; urgency=low
.
* New upstream release candidate.
+ Point watchfile to test subdirectory.
+ Update 40_reproducible_build.diff
+ Drop 75_fixes*.patch and
80_Repair-manualroute-transport-name-not-last-option.patch.
+ Unfuzz EDITME*.diff
+ 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when
SOURCE_DATE_EPOCH is set.
* Drop trailing whitespace in debian/README.source, debian/changelog and
debian/rules. (Thanks, lintian)
* Drop debian/README.source and outdated parts of debian/copyright.
.
exim4 (4.89-13) unstable; urgency=high
.
* 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch
from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944
.
exim4 (4.89-12) unstable; urgency=high
.
* Sync with exim-4_89+fixes branch:
+ 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch
+ 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch
Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943
* Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch.
.
exim4 (4.89-11) unstable; urgency=critical
.
* B-d on lynx, instead of lynx-cur | lynx.
.
exim4 (4.89-10) unstable; urgency=critical
.
* As a workaround for the yet-unfixed security vulnerability resurrect
78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable
both incoming and outgoing BDAT/CHUNKING. #882648
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
.
exim4 (4.89-9) unstable; urgency=medium
.
* Upload to unstable.
.
exim4 (4.89-8) experimental; urgency=low
.
* Sync with exim-4_89+fixes branch:
75_fixes_17-Fix-queue_run_in_order-to-ignore-the-PID-portion-of-.patch
75_fixes_18-Use-safer-routine-for-possibly-overlapping-copy.patch
* Point watchfile to https site.
.
exim4 (4.89-7) unstable; urgency=low
.
* In debian/rules' manually called update-mtaconflicts target use
grep-aptavail instead of hard-coding /var/lib/apt/lists/.
(Thanks, Julian Andres Klode) Closes: #874772
* Update debian/mtalist.
* Sync with exim-4_89+fixes branch:
75_fixes_13-Document-CVE-assignment-for-Berkeley-DB-issue.patch
75_fixes_14-DKIM-fix-signing-bug-induced-by-total-size-of-parame.patch
75_fixes_15-SOCKS-fix-unitialized-pointer.patch
75_fixes_16-Fix-crash-in-transport-on-second-smtp-connect-fail-f.patch.
.
exim4 (4.89-6) unstable; urgency=medium
.
* Use "runuser --command ..." instead of "su - --command ..." in
exim4-base.cron.daily to avoid invoking pam_systemd. Closes: #871688
(Thanks, Jakobus Schürz)
* Sync priorities with override file: exim4{,-base,-config,-daemon-light}
optional from standard, exim4-dev optional from extra.
* In debian/rules when setting up the build-tree for -custom also copy
EDITME.eximon to allow building based on EDITME.exim4-light with eximon
building *not* disabled. (Thanks, Marko von Oppen) Closes: #783813
.
exim4 (4.89-5) unstable; urgency=medium
.
* Update to exim-4_89+fixes branch:
75_fixes_01-Start-exim-4_89-fixes-to-cherry-pick-some-commits-fr.patch
75_fixes_02-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch
(replaces 79_CVE-2017-1000369.patch)
75_fixes_03-Fix-log-line-corruption-for-DKIM-status.patch (replaces
81_Fix-log-line-corruption-for-DKIM-status.patch)
75_fixes_04-Openssl-disable-session-tickets-by-default-and-sessi.patch
75_fixes_05-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
75_fixes_07-Openssl-disable-session-tickets-by-default-and-sessi.patch
75_fixes_08-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
75_fixes_09-Use-the-BDB-environment-so-that-a-database-config-fi.patch
(CVE-2017-10140)
75_fixes_10-Fix-cache-cold-random-callout-verify.-Bug-2147.patch
75_fixes_11-On-callout-avoid-SIZE-every-time-but-noncacheable-rc.patch
75_fixes_12-Fix-build-for-earlier-version-Berkeley-DB.patch
* Simplify debian/rules by including buildflags.mk unconditionally which was
introduced in dpkg 1.16.1 released in October 2011.
* Use pkg-info.mk to get package-version, upstream-version and
SOURCE_DATE_EPOCH. For the latter fall back to current time if it is not
provided by pkg-info.mk.
* [lintian] In *daemon.postinst use which certtool instead of
[ -x /usr/bin/certtool ] to check for availablility of the command.
.
exim4 (4.89-4) unstable; urgency=low
.
* 80_Repair-manualroute-transport-name-not-last-option.patch from GIT
master: Starting with 4.85 a transport name needed to specified after
options in route_list. Closes: #865287
* Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master.
* Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by
default.
* Standards-Version: 4.0.0
+ Do not check for availability of invoke-rc.d, use it always and do not
fall back to invoking the init-script directly.
+ Drop eximon menu file.
* Migrate to automatic debug packages. Bump b-d on debhelper since
--dbgsym-migration was introduced in debhelper 9.20160114.
.
exim4 (4.89-3) unstable; urgency=high
.
* Re-upload to unstable.
Checksums-Sha1:
04a66ed1357de886bfd5b66708212ea7aa7c64e3 2874 exim4_4.90.1-4~bpo9+1.dsc
ffd8c97632c6a875557f8eca766bcdcfa4fb04f1 458832 exim4_4.90.1-4~bpo9+1.debian.tar.xz
15ed99f0623156fc7f595ea913f49a801eae0c7a 269998 exim4-base-dbgsym_4.90.1-4~bpo9+1_amd64.deb
e350475556850232ea5359211b822e7f6d2bde37 1109454 exim4-base_4.90.1-4~bpo9+1_amd64.deb
8dff565b6b1c94cdd98f5e3bb074fe8976790fbd 380136 exim4-config_4.90.1-4~bpo9+1_all.deb
b43ac6610cdfa96167ae90e09d0fa1a6fafd2898 2090666 exim4-daemon-heavy-dbgsym_4.90.1-4~bpo9+1_amd64.deb
ddf91c220e329acbf14d663af5528d3e6b7e260e 614514 exim4-daemon-heavy_4.90.1-4~bpo9+1_amd64.deb
4b3a68b33d3809eeedf9c1692daf1ddc43a81a90 1782900 exim4-daemon-light-dbgsym_4.90.1-4~bpo9+1_amd64.deb
c3fbdaf003b272a328db8526e5b826abf738699d 562988 exim4-daemon-light_4.90.1-4~bpo9+1_amd64.deb
a3d239d52079ac42fd3512d1107ac6d8a245a55c 102468 exim4-dev_4.90.1-4~bpo9+1_amd64.deb
7f00ff221ba835de0b19a0d585337eef478a076b 7874 exim4_4.90.1-4~bpo9+1_all.deb
6b04e7e05e784f62bb54f1c969a9138fb6faf523 11481 exim4_4.90.1-4~bpo9+1_amd64.buildinfo
fcc5f374a9e2f9143048327f38a02a487b3b9101 275760 eximon4-dbgsym_4.90.1-4~bpo9+1_amd64.deb
c8084eb2b08dc39207e4b4f9078012f917e7f000 132332 eximon4_4.90.1-4~bpo9+1_amd64.deb
Checksums-Sha256:
dc1f315c8b0d3a99062e1d79be4e85e5dc7934319187f14ea368cf5c80444ed6 2874 exim4_4.90.1-4~bpo9+1.dsc
b022de611f539d5310775463e60c32c2536553897467fef536b121dd6ac201ec 458832 exim4_4.90.1-4~bpo9+1.debian.tar.xz
1a797d9f6d35f127ee332072e7c47064812fc1b3ca946024e7c4f13d1a14f4a0 269998 exim4-base-dbgsym_4.90.1-4~bpo9+1_amd64.deb
ebd960f76f07041a6831477ed065dc1d6b0bbd550dd157a9c3f4330b2a80016c 1109454 exim4-base_4.90.1-4~bpo9+1_amd64.deb
944bd49eb67c54fa6c132aa6e80e6c0f061b0905ac5c1737f11157ecc2731865 380136 exim4-config_4.90.1-4~bpo9+1_all.deb
57504fa6124ebb4b57792b765b4d5a2c85957144ecded4a1fbfa8e2c62a82efc 2090666 exim4-daemon-heavy-dbgsym_4.90.1-4~bpo9+1_amd64.deb
d441d1a890592aed37197c856a613042836038aeddbf6e691c5e011d44043340 614514 exim4-daemon-heavy_4.90.1-4~bpo9+1_amd64.deb
4ca91e67f6472959b9dd1a89feb14a1c07009826a82039b33e5b691f97ab800b 1782900 exim4-daemon-light-dbgsym_4.90.1-4~bpo9+1_amd64.deb
d4448ce60eaaa61520cf1c1bbf02c67e2ea54c0f28829b7a7483dc32d86e0639 562988 exim4-daemon-light_4.90.1-4~bpo9+1_amd64.deb
e808c88b3b561041fb1ffab0f565626e4a6f7dd629e158465e64e2d5c558e747 102468 exim4-dev_4.90.1-4~bpo9+1_amd64.deb
4cf8c1b9e5007b04c4f686d91cf9b949f9d679cb38b1b9baa164b067e73aafac 7874 exim4_4.90.1-4~bpo9+1_all.deb
5ff7503a11bdd5eab9745ac8407187eb1b9113541b1d63106e9069a1d17c4711 11481 exim4_4.90.1-4~bpo9+1_amd64.buildinfo
a97676303d02e555f8396deedb6ff023502ff4b26c355675073c4b54b5642d07 275760 eximon4-dbgsym_4.90.1-4~bpo9+1_amd64.deb
018840a06e9654436120cbfb1f4b57a9be353ce9c9dd6e4bac60e820ba8b80a1 132332 eximon4_4.90.1-4~bpo9+1_amd64.deb
Files:
443ae0fd7a4529d03e8b8e609888793d 2874 mail standard exim4_4.90.1-4~bpo9+1.dsc
759747ee6b93781d9d23e4dbe1279483 458832 mail standard exim4_4.90.1-4~bpo9+1.debian.tar.xz
1e3e14e83692519a9b3fc69f553c2142 269998 debug extra exim4-base-dbgsym_4.90.1-4~bpo9+1_amd64.deb
dceebc1653e5ab44945f008612629c05 1109454 mail optional exim4-base_4.90.1-4~bpo9+1_amd64.deb
0a7f6a9cbfa89182491ad8174d78b781 380136 mail optional exim4-config_4.90.1-4~bpo9+1_all.deb
46143597f027f82a44fd04309face121 2090666 debug extra exim4-daemon-heavy-dbgsym_4.90.1-4~bpo9+1_amd64.deb
6311431b676a0d3071d4c6dd960a4322 614514 mail optional exim4-daemon-heavy_4.90.1-4~bpo9+1_amd64.deb
ca676c42dc59fef9b972a0a7c02e4560 1782900 debug extra exim4-daemon-light-dbgsym_4.90.1-4~bpo9+1_amd64.deb
618c92776194f75621f624f4b68bfc5a 562988 mail optional exim4-daemon-light_4.90.1-4~bpo9+1_amd64.deb
15f650b5b57f36fd17a390b136d26d11 102468 mail optional exim4-dev_4.90.1-4~bpo9+1_amd64.deb
57ee5343011ccfef39e6eebcb57b7eac 7874 mail optional exim4_4.90.1-4~bpo9+1_all.deb
aa6e1ebaafd8cc11980564c4ce0b8aa3 11481 mail standard exim4_4.90.1-4~bpo9+1_amd64.buildinfo
3cfbeca2b498b0c535ad07c958ad9557 275760 debug extra eximon4-dbgsym_4.90.1-4~bpo9+1_amd64.deb
069039795b965fb61ca6a320c0fc14d5 132332 mail optional eximon4_4.90.1-4~bpo9+1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAlq/cOwACgkQpU8BhUOC
FISobQ/9ER7gLIxWL/wvlZfkWmyLYK5GT7dDirzsPiXvQI12DATGJPx/fleTT1e0
0MkOpdTyqq7BjS44BTAIsJ5IkAqdFHGID4aqCZ9p/U3SV5a2kyKSKStTIYjESZKv
IoIuf3iog9RMj95UduQvqAKCGtUu2Y8Mtmh8pUpRryDJ21W6QvmX4jl3uFcWCmHh
m3h8SklKkT+qMtxcOQxeMYKxirWM8xseEyR9ZFu+8xdEACnQoVoLFcAvLYaKoylr
pPDn7FMVDfaE6PPz/9T2JqekMzObnWbDX86itCJf4wgB3aLp3KO99gTMlcFN8ksa
kUrPvuzqmBuuiV9sPT2HB7PIXUMnsoqBWVGB5PsjY0X524A2H9uiHSOSXHRSCgv8
5zKT8aJgb1uj0RHrs0wBOAd69JY4Eg/6vJdNv0zSrsBLXT6EuwlgCTjm3+qkASwp
37YMQXJZgUjlhTC0uJrj4AVoixsLwo2ygOMfXt3bHebm/nPnac8hjiVULXt/Pm0k
3USXU3ODjdSABWrvB09z8eChYVIhUGJRAFnYex34gAK5J0IFuxsJk12Hy0DhhZOx
ahmx+y1BM+m2GqjPJEIupoGgIUyAbGvxkGRaJVAtrJ0HhdQielzI/81+Jg+QGk2h
xxsS9EKxUc/tzqEdGsqbmcVXk9gOO1HJdgzE36oS68bf32NOzq4=
=TlMt
-----END PGP SIGNATURE-----
Reply to: